<?php
/******************************************
 * Author: <YOUR NAME HERE>
 * Description: <YOUR DESCRIPTION HERE>
 ******************************************/
class Products extends CustomSecurity { 


	function Products($db){ 
    }

	/***********************************
 	 * Add:         Allows the insertion of values into the Table.
 	 * Parameters:  $brand, $genProduct, $kolichestvo, $cena, $userId
 	 * Return:      (Boolean) True - Successfully Inserted | False - Error
 	 ************************************/
	function add($brand, $genProduct){ 

		escape_string($brand);
		escape_string($genProduct);
//		escape_string($kolichestvo);
//		escape_string($cena);

		$statement = "INSERT INTO products (brand, genProduct, userId) VALUES ('$brand', '$genProduct', '".$_SESSION['user_id']."');";
		$results = mysql_query($statement);

		if($results){
			return true;
		}else{
			return false;
		}

	}//End add()


	/***********************************
 	 * Remove:      Allows for the removal of record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value
 	 * Return:      (Boolean) True - Successfully Removed | False - Error
 	 ************************************/
	function remove($primaryKeyValue){ 

		escape_string($primaryKeyValue);

		$statement = "DELETE FROM products WHERE id = '$primaryKeyValue'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End remove()


	/***********************************
 	 * Update:      Allows for the update of a record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value | (String) Column Name To Update | (String) New Value
 	 * Return:      (Boolean) True - Successfully Updated | False - Error
 	 ************************************/
	function update($primaryKeyValue, $columnNameToUpdate, $columnValue){ 

		escape_string($primaryKeyValue);
		escape_string($columnNameToUpdate);
		escape_string($columnValue);

		$statement = "UPDATE products SET $columnNameToUpdate = '$columnValue' WHERE id = '$primaryKeyValue' AND userId=".$_SESSION['user_id'];
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()


	/***********************************
 	 * GetAll:       Returns all the records in the database.
 	 * Parameters:   NA
 	 * Return:      (MultiDimensional-Array)String
 	 ************************************/
	function getAll(){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT p.id, brand, genProduct, kolichestvo, cena, vid_kolichestvo, step, gp.category FROM products p INNER JOIN general_product gp ON p.genProduct = gp.pname INNER JOIN vid_kolichestvo vk ON gp.pType = vk.vid_kolichestvo WHERE userId=".$_SESSION['user_id']." AND kolichestvo>0 ORDER BY genProduct, brand ASC";
		$mresults   = mysql_query($statement);
		
		$tokens[0] = 'p.id';
		$tokens[1] = 'brand';
		$tokens[2] = 'genProduct';
		$tokens[3] = 'kolichestvo';
		$tokens[4] = 'cena';
		$tokens[5] = 'vid_kolichestvo';
		$tokens[6] = 'step';
		$tokens[7] = 'gp.category';		
		
//		echo mysql_result($mresults,0,'step');
//		
		$results = transformResults($mresults, $tokens);
//		pre_dump($results);
//		die();
		
		$statement = "SELECT p.id, brand, genProduct, kolichestvo, cena, vid_kolichestvo, step, gp.category FROM products p INNER JOIN general_product gp ON p.genProduct = gp.pname INNER JOIN vid_kolichestvo vk ON gp.pType = vk.vid_kolichestvo WHERE userId=".$_SESSION['user_id']." AND kolichestvo=0 ORDER BY genProduct, brand ASC";
		$mresults0 =  mysql_query($statement);
			
		$results0 = transformResults($mresults0, $tokens);
		
		if (count($results0) >0){
		  return array_merge($results, $results0);
		}

		return $results;

	}//End getAll()

	function getAllAdmin(){

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT p.id, brand, genProduct, kolichestvo, cena, vid_kolichestvo, step, userId FROM products p INNER JOIN general_product gp ON p.genProduct = gp.pname INNER JOIN vid_kolichestvo vk ON gp.pType = vk.vid_kolichestvo ORDER BY genProduct, brand ASC";
		$results   = mysql_query($statement);
		
		$tokens[0] = 'id';
		$tokens[1] = 'brand';
		$tokens[2] = 'genProduct';
		$tokens[3] = 'kolichestvo';
		$tokens[4] = 'cena';
		$tokens[5] = 'vid_kolichestvo';
		$tokens[6] = 'step';
		$tokens[7] = 'iserId';		
		
		return transformResults($results, $tokens);

	}//End getAll()

	
	
	function get($category){ 

		escape_string($category);

		$statement = "SELECT p.id, brand, genProduct, kolichestvo, cena, vid_kolichestvo, step, gp.category FROM products p INNER JOIN general_product gp ON p.genProduct = gp.pname INNER JOIN vid_kolichestvo vk ON gp.pType = vk.vid_kolichestvo WHERE userId=".$_SESSION['user_id']." AND gp.category=\"".$category."\" AND kolichestvo>0 ORDER BY genProduct, brand ASC";
		
		$mresults   = mysql_query($statement);
		
		$tokens[0] = 'id';
		$tokens[1] = 'brand';
		$tokens[2] = 'genProduct';
		$tokens[3] = 'kolichestvo';
		$tokens[4] = 'cena';
		$tokens[5] = 'vid_kolichestvo';
		$tokens[6] = 'step';
		$tokens[7] = 'category';		
		
		$results = transformResults($mresults, $tokens);
		
		
		$statement = "SELECT p.id, brand, genProduct, kolichestvo, cena, vid_kolichestvo, step, gp.category FROM products p INNER JOIN general_product gp ON p.genProduct = gp.pname INNER JOIN vid_kolichestvo vk ON gp.pType = vk.vid_kolichestvo WHERE userId=".$_SESSION['user_id']." AND gp.category=\"".$category."\" AND kolichestvo=0 ORDER BY genProduct, brand ASC";
		
		$mresults0   = mysql_query($statement);
		
		$tokens[0] = 'id';
		$tokens[1] = 'brand';
		$tokens[2] = 'genProduct';
		$tokens[3] = 'kolichestvo';
		$tokens[4] = 'cena';
		$tokens[5] = 'vid_kolichestvo';
		$tokens[6] = 'step';
		$tokens[7] = 'category';		
		
		$results0 = transformResults($mresults0, $tokens);
		
		if (count($results0) >0){
		  return array_merge($results, $results0);
		}

		return $results;
		

	}//End getAll()
	
	/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getObject($primaryKeyName, $primaryKeyValue){ 

		escape_string($primaryKeyName);
		escape_string($primaryKeyValue);

		$statement = "SELECT brand, genProduct, kolichestvo, cena, userId FROM products WHERE ".$primaryKeyName." = '".$primaryKeyValue."'";
		$results   = mysql_query($statement);
		
		
		$tokens[0] = 'brand';
		$tokens[1] = 'genProduct';
		$tokens[2] = 'kolichestvo';
		$tokens[3] = 'cena';
		$tokens[4] = 'userId';		
		
		return transformResults($mresults, $tokens);

	}//End getObject()
	
	function getProduct($primaryKeyValue){ 

		escape_string($primaryKeyValue);

		$statement = "SELECT brand, genProduct FROM products WHERE id = '".$primaryKeyValue."'";
		$results   = mysql_query($statement);
		
		
		$tokens[0] = 'brand';
		$tokens[1] = 'genProduct';
		
		return transformResults($results, $tokens);

	}
	
	function haveProduct($brand, $type){ 

		escape_string($type);
		escape_string($brand);

		$statement = "SELECT p.id FROM products p WHERE brand = '".$brand."' AND genProduct = '".$type."' AND userId=".$_SESSION['user_id'] ;
		$results   = mysql_query($statement);
		
		
		$tokens[0] = 'id';
		
		return transformResults($results, $tokens);

	}
	
	
	/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getProductNames($sub){ 
		
		escape_string($sub);

		$statement = "SELECT DISTINCT brand FROM products WHERE brand LIKE LOWER('%$sub%') ORDER BY brand ASC";
		$results   = mysql_query($statement);
		
		$tokens[0] = 'brand';
		
		return transformResults($results, $tokens);

	}//End getObject()
	
	


}//End Class Products
?>